CVE-2024-29010

HIGH

GMS <9.3.4 - Info Disclosure

Title source: llm

Description

The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions.

References (1)

[Various Sources] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007

Scores

CVSS v3 7.1

EPSS 0.0009

EPSS Percentile 24.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-611

Status published

Products (1)

SonicWall/GMS 9.3.4 and earlier versions

Published May 01, 2024

Tracked Since Feb 18, 2026